diff --git a/source/tools/monitor/raptor/source/profile/command/ebpf.go b/source/tools/monitor/raptor/source/profile/command/ebpf.go index 6fec99a4d6c081180bbe8bfb19f9fd9a226303e1..452c15e787313c84a47b1d7c215671dd312735b1 100644 --- a/source/tools/monitor/raptor/source/profile/command/ebpf.go +++ b/source/tools/monitor/raptor/source/profile/command/ebpf.go @@ -118,6 +118,12 @@ func oncpuSpy(cfg *config.CPU) *cobra.Command { Args: cobra.NoArgs, RunE: cli.CreateCmdRunFn(cfg, vpr, func(_ *cobra.Command, _ []string) error { + if cfg.Encrypt != "base64" { + encrypt := sls.SLSEncrypt(cfg.Encrypt) + fmt.Printf("Text Encrypted by base64 is:\n%s\nOrigion text is:\n%s\n", encrypt, + sls.SLSDecrypt(encrypt)) + return nil + } return RunONCPU(cfg) }), } diff --git a/source/tools/monitor/raptor/source/profile/config/config.go b/source/tools/monitor/raptor/source/profile/config/config.go index 3a61957a1f29b8f09f9a793295fb44412871439b..343d343a114a9fedad65d7301d6c874b91c90db9 100644 --- a/source/tools/monitor/raptor/source/profile/config/config.go +++ b/source/tools/monitor/raptor/source/profile/config/config.go @@ -43,6 +43,7 @@ type CPU struct { AKSE string `def:"akse" desc:"SLS AccessKeySecret" mapstructure:"akse"` Project string `def:"akid" desc:"SLS Project" mapstructure:"project"` Logstore string `def:"akid" desc:"SLS Logstore" mapstructure:"logstore"` + Encrypt string `def:"base64" desc:"Encryte ak/sk" mapstructure:"encrypt"` //KubernetesNode string `def:"" desc:"Set to current k8s Node.nodeName for service discovery and labeling" mapstructure:"kubernetes-node"` //OnlyServices bool `def:"false" desc:"Ignore processes unknown to service discovery" mapstructure:"only-services"` } @@ -68,10 +69,11 @@ type NET struct { Delay int `def:"100" desc:"User take packet delay(ms)." mapstructure:"delay"` ExitTime int `def:"2" desc:"time of days the profiling to exit, default 2 days" mapstructure:"exitTime"` SymbolCacheSize int `def:"256" desc:"max size of symbols cache" mapstructure:"symbol-cache-size"` - SLS string `def:"unuser" desc:"producer/consumer data to/from SLS" mapstructure:"sls"` + SLS string `def:"unuser" desc:"producer/consumer/produceraw data to/from SLS" mapstructure:"sls"` Endpoint string `def:"endpoint" desc:"SLS Endpoint" mapstructure:"endpoint"` AKID string `def:"akid" desc:"SLS AccessKeyID" mapstructure:"akid"` AKSE string `def:"akse" desc:"SLS AccessKeySecret" mapstructure:"akse"` Project string `def:"akid" desc:"SLS Project" mapstructure:"project"` Logstore string `def:"logstore" desc:"SLS Logstore" mapstructure:"logstore"` + Encrypt string `def:"base64" desc:"Encryte ak/sk" mapstructure:"encrypt"` } diff --git a/source/tools/monitor/raptor/source/sls/config.go b/source/tools/monitor/raptor/source/sls/config.go index 21009c3082ffedb33959291dc46deb5f481382e1..1f838c76730c7e9b9ebd1290b1b9e5e074031d3b 100644 --- a/source/tools/monitor/raptor/source/sls/config.go +++ b/source/tools/monitor/raptor/source/sls/config.go @@ -1,6 +1,10 @@ package sls import ( + "bytes" + "crypto/aes" + "crypto/cipher" + "encoding/base64" "fmt" ) @@ -9,18 +13,33 @@ const ( SLSPRODUCERAW string = "produceraw" SLSCONSUMER string = "consumer" SLSUNUSER string = "unuser" + KEY string = "1234567812345678" ) +func SLSEncrypt(text string) string { + return AesEncrypt(text, KEY) +} + +func SLSDecrypt(text string) string { + return AesDecrypt(text, KEY) +} + func SLSInit(slsType string, endpoint string, akid string, akse string, project string, logstore string) error { - + var ak string + var sk string + if akid != "akid" && akse != "akse" { + fmt.Printf("You should use encrypted akid/akse, the command is: rapotr oncpu --encrypt {raw akid/akse}\n") + ak = SLSDecrypt(akid) + sk = SLSDecrypt(akse) + } if slsType == SLSCONSUMER { fmt.Printf("===========SLS CONSUMER START=========\n") - c := NewSLSConsumer(endpoint, akid, akse, project, logstore) + c := NewSLSConsumer(endpoint, ak, sk, project, logstore) c.Init() } else if slsType == SLSPRODUCER || slsType == SLSPRODUCERAW { fmt.Printf("===========SLS PRODUCER START, TYPE:%s=========\n", slsType) - SlsProducer = NewSLSProducer(endpoint, akid, akse, project, logstore) + SlsProducer = NewSLSProducer(endpoint, ak, sk, project, logstore) SlsProducer.Init() } else if slsType == SLSUNUSER { } else { @@ -28,3 +47,43 @@ func SLSInit(slsType string, endpoint string, akid string, akse string, } return nil } + +func AesEncrypt(orig string, key string) string { + origData := []byte(orig) + k := []byte(key) + + block, _ := aes.NewCipher(k) + blockSize := block.BlockSize() + origData = PKCS7Padding(origData, blockSize) + blockMode := cipher.NewCBCEncrypter(block, k[:blockSize]) + cryted := make([]byte, len(origData)) + blockMode.CryptBlocks(cryted, origData) + + return base64.StdEncoding.EncodeToString(cryted) + +} + +func AesDecrypt(cryted string, key string) string { + crytedByte, _ := base64.StdEncoding.DecodeString(cryted) + k := []byte(key) + + block, _ := aes.NewCipher(k) + blockSize := block.BlockSize() + blockMode := cipher.NewCBCDecrypter(block, k[:blockSize]) + orig := make([]byte, len(crytedByte)) + blockMode.CryptBlocks(orig, crytedByte) + orig = PKCS7UnPadding(orig) + return string(orig) +} + +func PKCS7Padding(ciphertext []byte, blocksize int) []byte { + padding := blocksize - len(ciphertext)%blocksize + padtext := bytes.Repeat([]byte{byte(padding)}, padding) + return append(ciphertext, padtext...) +} + +func PKCS7UnPadding(origData []byte) []byte { + length := len(origData) + unpadding := int(origData[length-1]) + return origData[:(length - unpadding)] +}